1 # -*- coding: utf-8 -*-
3 ceph dashboard mgr plugin (based on CherryPy)
14 from typing
import TYPE_CHECKING
, Optional
17 if sys
.version_info
>= (3, 8):
18 from typing
import Literal
20 from typing_extensions
import Literal
22 from mgr_module
import CLIReadCommand
, CLIWriteCommand
, HandleCommandResult
, \
23 MgrModule
, MgrStandbyModule
, NotifyType
, Option
, _get_localized_key
24 from mgr_util
import ServerConfigException
, build_url
, \
25 create_self_signed_cert
, get_default_addr
, verify_tls_files
28 from .controllers
import Router
, json_error_page
29 from .grafana
import push_local_dashboards
30 from .services
.auth
import AuthManager
, AuthManagerTool
, JwtManager
31 from .services
.exception
import dashboard_exception_handler
32 from .services
.rgw_client
import configure_rgw_credentials
33 from .services
.sso
import SSO_COMMANDS
, handle_sso_command
34 from .settings
import handle_option_command
, options_command_list
, options_schema_list
35 from .tools
import NotificationQueue
, RequestLoggingTool
, TaskManager
, \
36 prepare_url_prefix
, str_to_bool
40 from cherrypy
._cptools
import HandlerWrapperTool
42 # To be picked up and reported by .can_run()
45 from .services
.sso
import load_sso_db
47 if cherrypy
is not None:
48 from .cherrypy_backports
import patch_cherrypy
49 patch_cherrypy(cherrypy
.__version
__)
51 # pylint: disable=wrong-import-position
52 from .plugins
import PLUGIN_MANAGER
, debug
, feature_toggles
, motd
# isort:skip # noqa E501 # pylint: disable=unused-import
54 PLUGIN_MANAGER
.hook
.init()
57 # cherrypy likes to sys.exit on error. don't let it take us down too!
58 # pylint: disable=W0613
59 def os_exit_noop(*args
):
63 # pylint: disable=W0212
64 os
._exit
= os_exit_noop
67 logger
= logging
.getLogger(__name__
)
70 class CherryPyConfig(object):
72 Class for common server configuration done by both active and
73 standby module, especially setting up SSL.
77 self
._stopping
= threading
.Event()
88 return self
._url
_prefix
91 def update_cherrypy_config(config
):
92 PLUGIN_MANAGER
.hook
.configure_cherrypy(config
=config
)
93 cherrypy
.config
.update(config
)
95 # pylint: disable=too-many-branches
98 Configure CherryPy and initialize self.url_prefix
102 server_addr
= self
.get_localized_module_option( # type: ignore
103 'server_addr', get_default_addr())
104 use_ssl
= self
.get_localized_module_option('ssl', True) # type: ignore
106 server_port
= self
.get_localized_module_option('server_port', 8080) # type: ignore
108 server_port
= self
.get_localized_module_option('ssl_server_port', 8443) # type: ignore
110 if server_addr
is None:
111 raise ServerConfigException(
112 'no server_addr configured; '
113 'try "ceph config set mgr mgr/{}/{}/server_addr <ip>"'
114 .format(self
.module_name
, self
.get_mgr_id())) # type: ignore
115 self
.log
.info('server: ssl=%s host=%s port=%d', 'yes' if use_ssl
else 'no', # type: ignore
116 server_addr
, server_port
)
118 # Initialize custom handlers.
119 cherrypy
.tools
.authenticate
= AuthManagerTool()
120 cherrypy
.tools
.plugin_hooks_filter_request
= cherrypy
.Tool(
122 lambda: PLUGIN_MANAGER
.hook
.filter_request_before_handler(request
=cherrypy
.request
),
124 cherrypy
.tools
.request_logging
= RequestLoggingTool()
125 cherrypy
.tools
.dashboard_exception_handler
= HandlerWrapperTool(dashboard_exception_handler
,
128 cherrypy
.log
.access_log
.propagate
= False
129 cherrypy
.log
.error_log
.propagate
= False
131 # Apply the 'global' CherryPy configuration.
133 'engine.autoreload.on': False,
134 'server.socket_host': server_addr
,
135 'server.socket_port': int(server_port
),
136 'error_page.default': json_error_page
,
137 'tools.request_logging.on': True,
138 'tools.gzip.on': True,
139 'tools.gzip.mime_types': [
140 # text/html and text/plain are the default types to compress
141 'text/html', 'text/plain',
142 # We also want JSON and JavaScript to be compressed
144 'application/*+json',
145 'application/javascript',
147 'tools.json_in.on': True,
148 'tools.json_in.force': True,
149 'tools.plugin_hooks_filter_request.on': True,
154 cert
= self
.get_localized_store("crt") # type: ignore
156 self
.cert_tmp
= tempfile
.NamedTemporaryFile()
157 self
.cert_tmp
.write(cert
.encode('utf-8'))
158 self
.cert_tmp
.flush() # cert_tmp must not be gc'ed
159 cert_fname
= self
.cert_tmp
.name
161 cert_fname
= self
.get_localized_module_option('crt_file') # type: ignore
163 pkey
= self
.get_localized_store("key") # type: ignore
165 self
.pkey_tmp
= tempfile
.NamedTemporaryFile()
166 self
.pkey_tmp
.write(pkey
.encode('utf-8'))
167 self
.pkey_tmp
.flush() # pkey_tmp must not be gc'ed
168 pkey_fname
= self
.pkey_tmp
.name
170 pkey_fname
= self
.get_localized_module_option('key_file') # type: ignore
172 verify_tls_files(cert_fname
, pkey_fname
)
174 # Create custom SSL context to disable TLS 1.0 and 1.1.
175 context
= ssl
.create_default_context(ssl
.Purpose
.CLIENT_AUTH
)
176 context
.load_cert_chain(cert_fname
, pkey_fname
)
177 if sys
.version_info
>= (3, 7):
178 context
.minimum_version
= ssl
.TLSVersion
.TLSv1_2
180 context
.options |
= ssl
.OP_NO_TLSv1 | ssl
.OP_NO_TLSv1_1
182 config
['server.ssl_module'] = 'builtin'
183 config
['server.ssl_certificate'] = cert_fname
184 config
['server.ssl_private_key'] = pkey_fname
185 config
['server.ssl_context'] = context
187 self
.update_cherrypy_config(config
)
189 self
._url
_prefix
= prepare_url_prefix(self
.get_module_option( # type: ignore
190 'url_prefix', default
=''))
192 if server_addr
in ['::', '0.0.0.0']:
193 server_addr
= self
.get_mgr_ip() # type: ignore
194 base_url
= build_url(
195 scheme
='https' if use_ssl
else 'http',
199 uri
= f
'{base_url}{self.url_prefix}/'
202 def await_configuration(self
):
204 Block until configuration is ready (i.e. all needed keys are set)
205 or self._stopping is set.
207 :returns URI of configured webserver
209 while not self
._stopping
.is_set():
211 uri
= self
._configure
()
212 except ServerConfigException
as e
:
213 self
.log
.info( # type: ignore
214 "Config not ready to serve, waiting: {0}".format(e
)
216 # Poll until a non-errored config is present
217 self
._stopping
.wait(5)
219 self
.log
.info("Configured CherryPy, starting engine...") # type: ignore
224 SslConfigKey
= Literal
['crt', 'key']
227 class Module(MgrModule
, CherryPyConfig
):
229 dashboard module entrypoint
234 'cmd': 'dashboard set-jwt-token-ttl '
235 'name=seconds,type=CephInt',
236 'desc': 'Set the JWT token TTL in seconds',
240 'cmd': 'dashboard get-jwt-token-ttl',
241 'desc': 'Get the JWT token TTL in seconds',
245 "cmd": "dashboard create-self-signed-cert",
246 "desc": "Create self signed certificate",
250 "cmd": "dashboard grafana dashboards update",
251 "desc": "Push dashboards to Grafana",
255 COMMANDS
.extend(options_command_list())
256 COMMANDS
.extend(SSO_COMMANDS
)
257 PLUGIN_MANAGER
.hook
.register_commands()
260 Option(name
='server_addr', type='str', default
=get_default_addr()),
261 Option(name
='server_port', type='int', default
=8080),
262 Option(name
='ssl_server_port', type='int', default
=8443),
263 Option(name
='jwt_token_ttl', type='int', default
=28800),
264 Option(name
='url_prefix', type='str', default
=''),
265 Option(name
='key_file', type='str', default
=''),
266 Option(name
='crt_file', type='str', default
=''),
267 Option(name
='ssl', type='bool', default
=True),
268 Option(name
='standby_behaviour', type='str', default
='redirect',
269 enum_allowed
=['redirect', 'error']),
270 Option(name
='standby_error_status_code', type='int', default
=500,
273 MODULE_OPTIONS
.extend(options_schema_list())
274 for options
in PLUGIN_MANAGER
.hook
.get_options() or []:
275 MODULE_OPTIONS
.extend(options
)
277 NOTIFY_TYPES
= [NotifyType
.clog
]
279 __pool_stats
= collections
.defaultdict(lambda: collections
.defaultdict(
280 lambda: collections
.deque(maxlen
=10))) # type: dict
282 def __init__(self
, *args
, **kwargs
):
283 super(Module
, self
).__init
__(*args
, **kwargs
)
284 CherryPyConfig
.__init
__(self
)
288 self
._stopping
= threading
.Event()
289 self
.shutdown_event
= threading
.Event()
290 self
.ACCESS_CTRL_DB
= None
292 self
.health_checks
= {}
297 return False, "Missing dependency: cherrypy"
299 if not os
.path
.exists(cls
.get_frontend_path()):
300 return False, ("Frontend assets not found at '{}': incomplete build?"
301 .format(cls
.get_frontend_path()))
306 def get_frontend_path(cls
):
307 current_dir
= os
.path
.dirname(os
.path
.abspath(__file__
))
308 path
= os
.path
.join(current_dir
, 'frontend/dist')
309 if os
.path
.exists(path
):
312 path
= os
.path
.join(current_dir
,
314 'src/pybind/mgr/dashboard',
316 return os
.path
.abspath(path
)
320 if 'COVERAGE_ENABLED' in os
.environ
:
322 __cov
= coverage
.Coverage(config_file
="{}/.coveragerc"
323 .format(os
.path
.dirname(__file__
)),
326 cherrypy
.engine
.subscribe('after_request', __cov
.save
)
327 cherrypy
.engine
.subscribe('stop', __cov
.stop
)
329 AuthManager
.initialize()
332 uri
= self
.await_configuration()
334 # We were shut down while waiting
337 # Publish the URI that others may use to access the service we're
338 # about to start serving
341 mapper
, parent_urls
= Router
.generate_routes(self
.url_prefix
)
344 for purl
in parent_urls
:
346 'request.dispatch': mapper
349 cherrypy
.tree
.mount(None, config
=config
)
351 PLUGIN_MANAGER
.hook
.setup()
353 cherrypy
.engine
.start()
354 NotificationQueue
.start_queue()
356 logger
.info('Engine started.')
357 update_dashboards
= str_to_bool(
358 self
.get_module_option('GRAFANA_UPDATE_DASHBOARDS', 'False'))
359 if update_dashboards
:
360 logger
.info('Starting Grafana dashboard task')
362 'grafana/dashboards/update',
364 push_local_dashboards
,
365 kwargs
=dict(tries
=10, sleep
=60),
367 # wait for the shutdown event
368 self
.shutdown_event
.wait()
369 self
.shutdown_event
.clear()
370 NotificationQueue
.stop()
371 cherrypy
.engine
.stop()
372 logger
.info('Engine stopped')
375 super(Module
, self
).shutdown()
376 CherryPyConfig
.shutdown(self
)
377 logger
.info('Stopping engine...')
378 self
.shutdown_event
.set()
380 def _set_ssl_item(self
, item_label
: str, item_key
: 'SslConfigKey' = 'crt',
381 mgr_id
: Optional
[str] = None, inbuf
: Optional
[str] = None):
383 return -errno
.EINVAL
, '', f
'Please specify the {item_label} with "-i" option'
385 if mgr_id
is not None:
386 self
.set_store(_get_localized_key(mgr_id
, item_key
), inbuf
)
388 self
.set_store(item_key
, inbuf
)
389 return 0, f
'SSL {item_label} updated', ''
391 @CLIWriteCommand("dashboard set-ssl-certificate")
392 def set_ssl_certificate(self
, mgr_id
: Optional
[str] = None, inbuf
: Optional
[str] = None):
393 return self
._set
_ssl
_item
('certificate', 'crt', mgr_id
, inbuf
)
395 @CLIWriteCommand("dashboard set-ssl-certificate-key")
396 def set_ssl_certificate_key(self
, mgr_id
: Optional
[str] = None, inbuf
: Optional
[str] = None):
397 return self
._set
_ssl
_item
('certificate key', 'key', mgr_id
, inbuf
)
399 @CLIWriteCommand("dashboard create-self-signed-cert")
400 def set_mgr_created_self_signed_cert(self
):
401 cert
, pkey
= create_self_signed_cert('IT', 'ceph-dashboard')
402 result
= HandleCommandResult(*self
.set_ssl_certificate(inbuf
=cert
))
403 if result
.retval
!= 0:
406 result
= HandleCommandResult(*self
.set_ssl_certificate_key(inbuf
=pkey
))
407 if result
.retval
!= 0:
409 return 0, 'Self-signed certificate created', ''
411 @CLIWriteCommand("dashboard set-rgw-credentials")
412 def set_rgw_credentials(self
):
414 configure_rgw_credentials()
415 except Exception as error
:
416 return -errno
.EINVAL
, '', str(error
)
418 return 0, 'RGW credentials configured', ''
420 @CLIWriteCommand("dashboard set-login-banner")
421 def set_login_banner(self
, inbuf
: str):
423 Set the custom login banner read from -i <file>
425 item_label
= 'login banner file'
427 return HandleCommandResult(
429 stderr
=f
'Please specify the {item_label} with "-i" option'
431 mgr
.set_store('custom_login_banner', inbuf
)
432 return HandleCommandResult(stdout
=f
'{item_label} added')
434 @CLIReadCommand("dashboard get-login-banner")
435 def get_login_banner(self
):
437 Get the custom login banner text
439 banner_text
= mgr
.get_store('custom_login_banner')
440 if banner_text
is None:
441 return HandleCommandResult(stdout
='No login banner set')
443 return HandleCommandResult(stdout
=banner_text
)
445 @CLIWriteCommand("dashboard unset-login-banner")
446 def unset_login_banner(self
):
448 Unset the custom login banner
450 mgr
.set_store('custom_login_banner', None)
451 return HandleCommandResult(stdout
='Login banner removed')
453 def handle_command(self
, inbuf
, cmd
):
454 # pylint: disable=too-many-return-statements
455 res
= handle_option_command(cmd
, inbuf
)
456 if res
[0] != -errno
.ENOSYS
:
458 res
= handle_sso_command(cmd
)
459 if res
[0] != -errno
.ENOSYS
:
461 if cmd
['prefix'] == 'dashboard set-jwt-token-ttl':
462 self
.set_module_option('jwt_token_ttl', str(cmd
['seconds']))
463 return 0, 'JWT token TTL updated', ''
464 if cmd
['prefix'] == 'dashboard get-jwt-token-ttl':
465 ttl
= self
.get_module_option('jwt_token_ttl', JwtManager
.JWT_TOKEN_TTL
)
466 return 0, str(ttl
), ''
467 if cmd
['prefix'] == 'dashboard grafana dashboards update':
468 push_local_dashboards()
469 return 0, 'Grafana dashboards updated', ''
471 return (-errno
.EINVAL
, '', 'Command not found \'{0}\''
472 .format(cmd
['prefix']))
474 def notify(self
, notify_type
: NotifyType
, notify_id
):
475 NotificationQueue
.new_notification(str(notify_type
), notify_id
)
477 def get_updated_pool_stats(self
):
479 pool_stats
= {p
['id']: p
['stats'] for p
in df
['pools']}
481 for pool_id
, stats
in pool_stats
.items():
482 for stat_name
, stat_val
in stats
.items():
483 self
.__pool
_stats
[pool_id
][stat_name
].append((now
, stat_val
))
485 return self
.__pool
_stats
487 def config_notify(self
):
489 This method is called whenever one of our config options is changed.
491 PLUGIN_MANAGER
.hook
.config_notify()
493 def refresh_health_checks(self
):
494 self
.set_health_checks(self
.health_checks
)
497 class StandbyModule(MgrStandbyModule
, CherryPyConfig
):
498 def __init__(self
, *args
, **kwargs
):
499 super(StandbyModule
, self
).__init
__(*args
, **kwargs
)
500 CherryPyConfig
.__init
__(self
)
501 self
.shutdown_event
= threading
.Event()
503 # We can set the global mgr instance to ourselves even though
504 # we're just a standby, because it's enough for logging.
508 uri
= self
.await_configuration()
510 # We were shut down while waiting
517 def default(self
, *args
, **kwargs
):
518 if module
.get_module_option('standby_behaviour', 'redirect') == 'redirect':
519 active_uri
= module
.get_active_uri()
521 if cherrypy
.request
.path_info
.startswith('/api/prometheus_receiver'):
522 module
.log
.debug("Suppressed redirecting alert to active '%s'",
524 cherrypy
.response
.status
= 204
528 module
.log
.info("Redirecting to active '%s'", active_uri
)
529 raise cherrypy
.HTTPRedirect(active_uri
)
533 <!-- Note: this is only displayed when the standby
534 does not know an active URI to redirect to, otherwise
535 a simple redirect is returned instead -->
538 <meta http-equiv="refresh" content="{delay}">
541 No active ceph-mgr instance is currently running
542 the dashboard. A failover may be in progress.
543 Retrying in {delay} seconds...
547 return template
.format(delay
=5)
549 status
= module
.get_module_option('standby_error_status_code', 500)
550 raise cherrypy
.HTTPError(status
, message
="Keep on looking")
552 cherrypy
.tree
.mount(Root(), "{}/".format(self
.url_prefix
), {})
553 self
.log
.info("Starting engine...")
554 cherrypy
.engine
.start()
555 self
.log
.info("Engine started...")
556 # Wait for shutdown event
557 self
.shutdown_event
.wait()
558 self
.shutdown_event
.clear()
559 cherrypy
.engine
.stop()
560 self
.log
.info("Engine stopped.")
563 CherryPyConfig
.shutdown(self
)
565 self
.log
.info("Stopping engine...")
566 self
.shutdown_event
.set()
567 self
.log
.info("Stopped engine...")